Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Google is calling EU cybersecurity founders
Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies.
Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.
Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols.
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed.
Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break authentication or recover users’ long-term private keys.
Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)
Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.”
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)
A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared.
4 identity security trends to watch in 2023
While many of the tried and true best security hygiene practices remain, we’ll face new and complex business challenges related to how we work, the systems we use, threats and compliance issues we face.
You must build a security team. Where do you start?
Security veteran Chris Deibler, the new VP of Security at DataGrail, has been brought in to build the company’s security team to support its growth.
Attackers abuse business-critical cloud apps to deliver malware
Over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year, and 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive, according to Netskope.
Why FIDO and passwordless authentication is the future
In this Help Net Security video, Jason Kent, Director at Open Seas, explains why FIDO and passwordless authentication is the future.
It’s official: Digital trust really matters to everyone online
In an environment with an expanded threat surface and a simple but powerful motivation for bad actors (financial reward), it is clear why digital trust is necessary.
Organizations are adopting SSE technology to secure hybrid work
With 88% of organizations supporting a hybrid or remote work model, it’s clear that the way people work has changed.
How to gain security consciousness through cost
In this Help Net Security video, Karthik Kannan, CEO at Anvilogic, talks about predictions for the cybersecurity world in 2023 and how to gain security consciousness through cost.
How to improve your incident response plan for 2023
Many organizations are confident in the existence of their incident response plan (IRP), but they are often not entirely sure what to do with it.
6 oversights that enable data breaches
Personal employee or customer data accounted for nearly 45% of all data stolen between July 2021 and June 2022, while companies’ source code and proprietary information accounted for a further 6.7% and 5.6% respectively, according to Imperva.
ChatGPT: The infosec assistant that is jack of all trades, master of none
ChatGPT from OpenAI is a conversational chatbot that was recently released in preview mode for research purposes.
The most significant DDoS attacks in the past year
In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the most powerful DDoS attacks in the past 12 months.
4 key shifts in the breach and attack simulation (BAS) market
The increase in the number of attack surfaces along with the rise in cybercriminal sophistication is generating technical debt for security operations centers (SOCs), many of which are understaffed and unable to dedicate time to effectively manage the growing number of security tools in their environment.
Why the atomized network is growing, and how to protect it
In this Help Net Security video, Martin Roesch, CEO of Netography, discusses the rise of the atomized network and the connected implications.
Maximizing data value while keeping it secure
How can organizations create an environment that allows the broadest access across distributed warehouses, databases, object stores and data exchanges, while at the same time maintaining consistent data oversight?
How to protect yourself from bot-driven account fraud
In this Help Net Security video, Nick Rieniets, Field CTO at Kasada, talks about this threat and offers tips on how to protect yourself from bot-driven account fraud.
7 security predictions for 2023
With online platforms and social media fully integrated into our daily routine, phishing and social engineering will continue to be a common cause of data breaches.
Guide: How virtual CISOs can efficiently extend their services into compliance readiness
While compliance used to be mainly the province of large enterprises, times have changed, and it is now a day-to-day concern for a growing number of small and medium businesses.